Stev Leibelt stevleibelt

## reproducer.sh
#!/bin/bash
#
# Run this script multiple times in parallel inside your pool's mount
# to reproduce https://github.com/openzfs/zfs/issues/15526.  Like:
#
# ./reproducer.sh & ./reproducer.sh & ./reproducer.sh & /reproducer.sh & wait
#

if [ $(cat /sys/module/zfs/parameters/zfs_bclone_enabled) != "1" ] ; then
	echo "please set /sys/module/zfs/parameters/zfs_bclone_enabled = 1"

## 20211210-TLP-WHITE_LOG4J.md

      
              1 file
            
          
              94 forks
            
          
              777 comments
            
          
              1090 stars
            
          
                SwitHak
                / 20211210-TLP-WHITE_LOG4J.md
            
            
              Last active
              June 28, 2024 12:07
            
              
                BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
              
          
    Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
Errors, typos, something to say ?


If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources


Royce Williams list sorted by vendors responses Royce List
Very detailed list NCSC-NL
The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List


## log4j_rce_detection.md

      
              1 file
            
          
              72 forks
            
          
              70 comments
            
          
              511 stars
            
          
                Neo23x0
                / log4j_rce_detection.md
            
            
              Last active
              June 24, 2024 22:11
            
              
                Log4j RCE CVE-2021-44228 Exploitation Detection
              
          
    log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

  
## weather-card.js
const template = document.createElement('template');

template.innerHTML = `
  <div>
    Hello Weather App
  </div>
`

class WeatherCard extends HTMLElement {
  constructor() {

## ConsoleCursorOnOff.PS1
$MethodDefinitions = @'
using System;
using System.Runtime.InteropServices;

public class ConsoleCursor {

        [StructLayout(LayoutKind.Sequential)]
        internal struct CONSOLE_CURSOR_INFO
        {
            internal uint Size;

## start-cleanup
#  Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://api.cacher.io/raw/0fcd76d0761e565a8c4e/10eb91268af60bb8abb2/start-cleanup'))

Function Start-Cleanup {
<#
.SYNOPSIS
   Automate cleaning up a C:\ drive with low disk space

.DESCRIPTION
   Cleans the C: drive's Window Temperary files, Windows SoftwareDistribution folder,
   the local users Temperary folder, IIS logs(if applicable) and empties the recycling bin.

## Reset-WindowsUpdate.ps1
<#
.SYNOPSIS
Reset-WindowsUpdate.ps1 - Resets the Windows Update components

.DESCRIPTION
This script will reset all of the Windows Updates components to DEFAULT SETTINGS.

.OUTPUTS
Results are printed to the console. Future releases will support outputting to a log file.

## systemd_service_hardening.md

      
              1 file
            
          
              49 forks
            
          
              8 comments
            
          
              349 stars
            
          
                ageis
                / systemd_service_hardening.md
            
            
              Last active
              July 19, 2024 22:23
            
              
                Options for hardening systemd service units
              
          
    security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict


## README.md

      
              1 file
            
          
              15 forks
            
          
              10 comments
            
          
              91 stars
            
          
                tknerr
                / README.md
            
            
              Last active
              January 23, 2024 16:42
            
              
                Vagrant with Ansible Provisioner on Windows
              
          
    Vagrant with Ansible Provisioner on Windows

Long story short, ansible does not work on a Windows control machine, so you basically have to:

either run ansible --connection=local ... in the target vm
set up a separate control vm where ansible is installed via shell provisioner

Below are Vagrantfile examples for both approaches
Within the Target VM


## DirectoryStructure
sf2-ddd
├── app
├── bin
├── build
├── lib
├── src
│   └── __VendorPrefix
│       ├── Application
│       │   └── __DomainNameBundle
│       │       ├── Command
	#!/bin/bash
	#
	# Run this script multiple times in parallel inside your pool's mount
	# to reproduce https://github.com/openzfs/zfs/issues/15526. Like:
	#
	# ./reproducer.sh & ./reproducer.sh & ./reproducer.sh & /reproducer.sh & wait
	#

	if [ $(cat /sys/module/zfs/parameters/zfs_bclone_enabled) != "1" ] ; then
	echo "please set /sys/module/zfs/parameters/zfs_bclone_enabled = 1"
	const template = document.createElement('template');

	template.innerHTML = `
	<div>
	Hello Weather App
	</div>
	`

	class WeatherCard extends HTMLElement {
	constructor() {
	$MethodDefinitions = @'
	using System;
	using System.Runtime.InteropServices;

	public class ConsoleCursor {

	[StructLayout(LayoutKind.Sequential)]
	internal struct CONSOLE_CURSOR_INFO
	{
	internal uint Size;
	# Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://api.cacher.io/raw/0fcd76d0761e565a8c4e/10eb91268af60bb8abb2/start-cleanup'))

	Function Start-Cleanup {
	<#
	.SYNOPSIS
	Automate cleaning up a C:\ drive with low disk space

	.DESCRIPTION
	Cleans the C: drive's Window Temperary files, Windows SoftwareDistribution folder,
	the local users Temperary folder, IIS logs(if applicable) and empties the recycling bin.
	<#
	.SYNOPSIS
	Reset-WindowsUpdate.ps1 - Resets the Windows Update components

	.DESCRIPTION
	This script will reset all of the Windows Updates components to DEFAULT SETTINGS.

	.OUTPUTS
	Results are printed to the console. Future releases will support outputting to a log file.
	sf2-ddd
	├── app
	├── bin
	├── build
	├── lib
	├── src
	│ └── __VendorPrefix
	│ ├── Application
	│ │ └── __DomainNameBundle
	│ │ ├── Command